ISO 20000 Professional Sample Exam

ISO 20000 Information Technology Service Management Systems Professional Sample Questions

Professional Certifications

1. You work as an external consultant to an IT department that plans to demonstrate conformity to ISO 20000 requirements. The IT department is part of a global bank and works as an internal service provider to the bank. During your initial analysis, you realize that the IT department has full access to analysis of measurements related to the capacity management process so it can determine the capacity process performance, but the planning and prioritization of capacity improvement belongs to the financial department of the bank. What should you do next?

A. You have to mention this to the IT Manager and explain that the IT Department can't demonstrate conformity to ISO/IEC 20000
B. You have to mention this to the IT Manager and explain that under these conditions the IT Department can demonstrate conformity to ISO/IEC 20000
C. You don’t have to mention this to the IT Manager as it is irrelevant to ISO/IEC 20000 requirements
D. You have to analyze the detail of arrangements between the IT Department and the Financial Department before you make your suggestions

2. In which of the 3 necessary phases for an implementation of a Service Management System (SMS) according to ISO/IEC 20000-1 requirements should you set the activity of service level management described as “The list of services and SLAs are reviewed with the customer at planned intervals and are maintained to ensure that they are up to date and remain effective over time”?

A. Phase 1: SMS structure established and implemented
B. Phase 2: revision of policies, additional processes, integration of existing processes, procedures and other supporting documentation
C. Phase 3: revision of policies, final processes, integration of all processes, documentation of underpinning procedures and supporting documents
D. Phases 2 & 3

PEOPLECERT – PMS: ISO 20000 Sample Paper, Professional Level This document must not be reproduced without express permission from the test publisher

3. In order to achieve the control objective “To manage information security within the organization”, which of the following controls is the most suitable to be applied?

A. All identified security requirements should be addressed before giving customers access to the organization's information or assets
B. Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained
C. Rules for the acceptable use of information and assets should be identified, documented and implemented
D. None of the above

4. You are responsible for providing an electronic financial service to corporate customers. The supplier of software informs you that a new release of the software is available. As the manager responsible for the financial service...

A. ...you should plan the installation of the new release in order to improve the service.
B. ...your first step is to review the business requirements and then decide about the installation of the updated software.
C. ...you have to inform the supplier that the IT Manager is responsible for the maintenance of software.
D. ...you should avoid the installation as it could be a source of risk for the quality of service.

5. A single framework of business continuity plans should be maintained to ensure all plans are consistent, to consistently address information security requirements and to identify priorities for testing and maintenance. Which of the following considerations is INCORRECT as a part of the above framework?

A. Determination of the conditions for activating the plans which describe the process to be followed before each plan will be activated
B. Temporary procedures which describe the actions to be taken to return to normal business operations
C. Emergency procedures, which describe the actions to be taken after an incident which jeopardizes business operations
D. A schedule which specifies the expiration date of the plan

6. Service Level Agreements can be established between the service provider and...

A. ...a customer or a supplier.
B. ...an internal group.
C. ...a customer acting as a supplier.
D. All of the above

7. As a member of a team responsible for developing the needed documentation of your organization according to ISO/IEC 20000 requirements, you have to develop a procedure for handling incidents. Which of the following events would you choose to include in the scope of the procedure?

A. Human errors
B. Uncontrolled system changes
C. Loss of service
D. All of the above

8. As incident manager, you are informed by the web banking department that, according to relevant reports, the service will collapse. Which of the following is your main activity?

A. You have to be concerned with the restoration of service
B. You have to inform the Problem Manager
C. You have to determine the cause of the incident
D. All of the above

9. As an internal auditor, you conduct an internal audit of a change process. Which of the following constitutes a non-conformity to ISO/IEC 20000 requirements?

A. A lot of configuration items are out of the control of change management
B. There are lots of requests for server upgrading and all of them are rejected
C. Requests for server upgrading are not classified
D. All of the above

10. Which of the following activities should be avoided when audit activities involving checks on operational systems are implemented, in order to minimize the risk of business processes' disruption?

A. All access should be monitored and logged to produce a reference trail
B. The person(s) carrying out the audit should be independent of the activities audited
C. Checks should have no limited access to software and data
D. Resources for performing the checks should be explicitly identified and made available

ANSWER KEY for SAMPLE Questions

1. A
2. C
3. B
4. B
5. D
6. D
7. D
8. A
9. C
10. C
